Protect video file from authorized person under linux!

mohamadhawi

🙂 Hi I have a project to buy video files online and i want to protect these files from authorized person my files it's under linux platforms it's possible to do that ??

AstroTeg

I'm assuming the level of protection you're looking for is the video is not accessible but to only those who have purchased it (and if they purchase it, can they only download it within a certain time frame?).

I've done this with ebooks...

Put the file in a non-web accessible directory. This means no matter how you enter the URL in your browser, you will never get the file. Your hosting provider should allow you to place files one directory above the directory where your site's index.html is located. Example:

Web site hosted from:
/home/myname/public_html/

But I have access to:
/home/myname/ <-- at this dir level is what you want at the minimum

I'd then recommend creating a subdirectory to keep track of your files. Something like this would work:
/home/myname/videos/

You'll need to fiddle with the directory/file permissions so PHP can at least read the files.

Back to your website, you'll need to put together a simple PHP page that specializes in just feeding that video to the browser. It would be something like:

header('Content-type: ' . $filecontenttype);
readfile('/home/myname/videos/' . $videofilename);

You'll need to figure out the content type that matches the video file you plan to send to the client (and change $filecontenttype as need needed).

This sends a file to a client browser (just run the script and it should work).

Trick is now you need to code in your parameters to who has access and who will not.

If you're using sessions, cookies, or something else, you'll need to have this script (lets call it download.php) read those variables and determine if the user is allowed to download the file. You could even check a database - maybe have it look up the purchase date/time and check the current date/time and see if its been X hours since they purchased and if they're allowed to still download it. You may decide to make it session based and if their session times out, they're stuck (although I really wouldn't recommend this if the file is big and their download times out for some reason).

A simple modification to limit downloads:

if($_GET['download'] == 'yes')
{
  header('Content-type: ' . $filecontenttype);
  readfile('/home/myname/videos/' . $videofilename);
}  // end if($_GET['download'] == 'yes')

This is a pretty silly example because its not at all secure, but should give you an idea what you need to do to control the downloading. You could even toss in some stat tracking in there to keep track of the number of downloads and maybe number of invalid downloads...

mohamadhawi

Thanks for your reply ..

but the problem it the user have the right to download the file to his PC.
And the client want to protect this file !!!
I found a technique in Microsoft named DRM "Digital Right Managment" user connect evry time he need to show this file but it's only for Windows platforms with .Net

my ask is if exist this technique with linux.

Best Regards

AstroTeg

Microsoft DRM...

You're talking to a guy that had to write a copyright holder CMS for Window's media files and then apply the DRM to the files.

Pick a video technology that supports DRM.

MPG probably is not going to work.
AVI doesn't have DRM (the last time I checked)
Not sure about QuickTime.
RealMedia I believe does.
WMV has DRM

I don't know about RealMedia and what their support and DRM is like. It might be something to look into and has a chance of supporting Linux. Otherwise, WMV + DRM would be the way to go and yes, you would have to have a Windows server. Actually, you'd have to have what's called DAS (digital asset server) to manage your videos. Its usually recommended this is a 2nd server and NOT on the same server as the web server. I think there's only a handful of providers out there that cater to managing your DRM files. I had worked at one of them.

The only other option is you create your own format and player and distribute the player as well as the media. Then you have complete control over the content.